Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-44721

Shell KMS AWS support cannot decrypt responses

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker - P1
    • Resolution: Fixed
    • Affects Version/s: 4.2.0, 4.2.1
    • Fix Version/s: 4.2.2, 4.3.2
    • Component/s: None
    • Labels:
      None
    • Backwards Compatibility:
      Fully Compatible
    • Operating System:
      ALL
    • Backport Requested:
      v4.2
    • Sprint:
      Security 2019-12-02
    • Linked BF Score:
      46

      Description

      On November 13, 2019, AWS added a new field EncryptionResponse to the decrypt message response from KMS. This is not documented here as of the filing of this ticket. 

      EncryptionAlgorithm: "SYMMETRIC_DEFAULT",

      As a result, 4.2.0, and 4.2.1 shell cannot work with AWS KMS

        Attachments

          Issue Links

          is documented by

          Improvement - An improvement or enhancement to an existing feature or task. DOCS-13231 SERVER-44721: Change in AWS KMS response object breaks shell field level encryption

          • Major - P3 - Major loss of function.
          • Closed

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                9 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: